[PATCH RESEND] hgweb: add group authorization

Wed Apr 17 20:30:47 UTC 2013

On Sat, 2013-02-23 at 00:43 +0100, Markus Zapke-Gründemann wrote:
> Matt Mackall schrieb:
> > On Fri, 2013-02-22 at 16:02 +0100, Markus Zapke-Gründemann wrote:
> >> Markus Zapke-Gründemann schrieb:
> >>> Markus Zapke-Gründemann schrieb:
> >>>> # HG changeset patch
> >>>> # User Markus Zapke-Gründemann <markus at keimlink.de>
> >>>> # Date 1360231888 -3600
> >>>> # Node ID d2dbfdee987a51efb6f4ad69e3b116aa22553326
> >>>> # Parent  2fefd1170bf269e26bb304553009f38e0117c342
> >>>> hgweb: add group authorization.
> >>> Here is a description how to use group authorization. This is also part of the
> >>> patch for the documentation.
> >>>
> >>>
> >>> With the patch it is possible to use groups together with usernames in the
> >>> allow_read, allow_write, deny_read and deny_write lists. A group name is
> >>> prefixed by an @. Groups can either be groups defined in the groups_section
> >>> (explained below) or Unix groups. If a group from the groups_section has the
> >>> same name as an Unix group it is used instead.
> >>>
> >>>
> >>> The groups_section
> >>>
> >>> Name of hgrc section used to define groups for authorization.
> >>> Default is web.groups. Use the section to define the groups used
> >>> by authorization.
> >>>
> >>> Example:
> >>>
> >>>     [web]
> >>>     allow_read = @devs
> >>>
> >>>     [web.groups]
> >>>     devs = alice, bob, clara, david
> >>>
> >>> Groups can contain other groups:
> >>>
> >>>     [web]
> >>>     allow_read = @devs, @testers
> >>>     allow_push = @devs
> >>>
> >>>     [web.groups]
> >>>     devs = alice, bob, clara, david
> >>>     ci = hudson
> >>>     testers = @ci, lisa, mario
> >> I changed the patch as proposed by Mads and explained the functionality in my
> >> last email. Is there still anything missing or is the group authorization
> >> feature not wanted?
> > 
> > I've only seen one version of the patch?
> > 
> I resent the patch with all unnecessary stuff removed on Feb 7:
> 
> http://selenic.com/pipermail/mercurial-devel/2013-February/048710.html
> 
> The explaination of the group authorization functionality is quoted above.
> 
> I would like to know if there is anything missing or wrong.

So.. this didn't work out well.

This list is like TCP: if you don't get a response, you have to keep
resending. 

The biggest problem is I don't have a current copy of your patch in my
inbox ("I've only seen one copy?"), which means I have to do a whole
bunch of extra work to respond to it, like digging it out of archives
and pasting it into an email.

Also, my whole patch queueing workflow also relies on having stuff in my
inbox; digging patches out of HTML URLs doesn't happen.

Together with my rather large backlog[1][2], that means I've always got
a week's worth of much-easier-to-deal-with stuff than figuring out
what's going on here.

(As it happens, I probably pruned your [RESEND] message immediately on
receipt. There was no indication it was different from the first copy
until five days later, and I have to aggressively prune out duplicate
mail to stay on top of things. hg email --flag v2 in the future,
please.)

Wagner's patch looks like a smaller step in the right direction, so I'll
probably take that for 2.6 so we at least make some forward progress
here.

[1] http://selenic.com/inbox
[2] https://hgpatches.appspot.com/

-- 
Mathematics is the supreme nostalgia of our time.